Hacker Community,
As part of our ongoing commitment to protecting both our community and our customers, we’ve made an important security update: Multi-Factor Authentication (MFA) is now mandatory for all Bugcrowd accounts.
Why this change?
We recently accelerated this work on our product roadmap after identifying threat intelligence involving leaked credentials from other bug bounty platforms. While Bugcrowd was not impacted, the situation highlighted how critical it is to stay ahead of potential threats.
What’s changing?
To proactively strengthen security across the Bugcrowd platform:
- MFA is now required for all hacker accounts.
- Anyone not using MFA will need to reset their password immediately.
We know MFA adds a small step to your login flow—but in 2025, it’s one of the most effective ways to prevent unauthorized access. Your account, your data, and your reputation are worth the extra click.
For programmatic access:
If you use the platform via the API, you can scan the QR code during MFA setup to retrieve the secret key, which allows you to generate One-Time Passwords (OTPs) programmatically.
We appreciate your continued commitment to security. These changes are about keeping you, our customers, and the community safe—today and into the future.
If you have any questions or need help with MFA setup, don’t hesitate to reach out to support.
Stay safe,
Hacker Success Team
